Author: hbelusca
Date: Fri Mar 8 22:40:38 2013
New Revision: 58446
URL:
http://svn.reactos.org/svn/reactos?rev=58446&view=rev
Log:
[SERVICES-ADVAPI32]
- Check for possible null pointers (invalid address) before dereferencing them.
- Correct some DPRINT formatting.
Modified:
trunk/reactos/base/system/services/rpcserver.c
trunk/reactos/base/system/services/services.c
trunk/reactos/dll/win32/advapi32/service/scm.c
Modified: trunk/reactos/base/system/services/rpcserver.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/rpcse…
==============================================================================
--- trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] Fri Mar 8 22:40:38 2013
@@ -2764,7 +2764,7 @@
lpStr += (wcslen(lpStr) + 1);
/* Append the group name */
- if (lpService->lpGroup != NULL)
+ if ((lpService->lpGroup != NULL) &&
(lpService->lpGroup->lpGroupName != NULL))
{
wcscpy(lpStr, lpService->lpGroup->lpGroupName);
}
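Review bot: The added `lpGroupName != NULL` test guards only this `wcscpy`, and the size computation that precedes it is outside the hunk. If that computation takes `wcslen(lpService->lpGroup->lpGroupName)` under the old `lpGroup != NULL` condition alone, it would still dereference NULL before this line is reached. Both places should use the same condition, `if ((lpService->lpGroup != NULL) && (lpService->lpGroup->lpGroupName != NULL))`, so that the size accounting and the copy agree. That matters because `wcscpy` into `lpStr` is unbounded and presumably relies on the earlier size calculation to stay inside the buffer.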
@@ -3733,6 +3733,11 @@
DPRINT("REnumServicesStatusA() called\n");
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ return ERROR_INVALID_ADDRESS;
+ }
+
if ((dwBufSize > 0) && (lpBuffer))
{
lpStatusPtrW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwBufSize);
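Review bot: The pointer check runs at function entry in the two A variants (here and in the hunk at -5750) but after the handle validation in the W variants (hunks at -4496 and -5893). A call with both a bad handle and a NULL output pointer may therefore return a different error code depending on the variant; whether the A functions validate the handle themselves is not visible in these hunks. The rejection path is also silent, while the neighbouring handle check logs with `DPRINT1`. Adding `DPRINT1("Invalid output pointer!\n");` before `return ERROR_INVALID_ADDRESS;` would make rejected calls traceable. The function bodies continue outside the hunks.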
@@ -4496,6 +4501,11 @@
{
DPRINT1("Invalid service manager handle!\n");
return ERROR_INVALID_HANDLE;
+ }
+
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ return ERROR_INVALID_ADDRESS;
}
*pcbBytesNeeded = 0;
@@ -5750,6 +5760,11 @@
DPRINT("REnumServicesStatusExA() called\n");
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ return ERROR_INVALID_ADDRESS;
+ }
+
if (pszGroupName)
{
pszGroupNameW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
(strlen(pszGroupName) + 1) * sizeof(WCHAR));
@@ -5893,6 +5908,11 @@
{
DPRINT1("Invalid service manager handle!\n");
return ERROR_INVALID_HANDLE;
+ }
+
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ return ERROR_INVALID_ADDRESS;
}
*pcbBytesNeeded = 0;
Modified: trunk/reactos/base/system/services/services.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/servi…
==============================================================================
--- trunk/reactos/base/system/services/services.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/services.c [iso-8859-1] Fri Mar 8 22:40:38 2013
@@ -173,7 +173,7 @@
hPipe = (HANDLE)Context;
- DPRINT("ScmNamedPipeThread(%lu) - Accepting SCM commands through named
pipe\n", hPipe);
+ DPRINT("ScmNamedPipeThread(%p) - Accepting SCM commands through named
pipe\n", hPipe);
for (;;)
{
@@ -201,13 +201,13 @@
}
}
- DPRINT("ScmNamedPipeThread(%lu) - Disconnecting named pipe connection\n",
hPipe);
+ DPRINT("ScmNamedPipeThread(%p) - Disconnecting named pipe connection\n",
hPipe);
FlushFileBuffers(hPipe);
DisconnectNamedPipe(hPipe);
CloseHandle(hPipe);
- DPRINT("ScmNamedPipeThread(%lu) - Done.\n", hPipe);
+ DPRINT("ScmNamedPipeThread(%p) - Done.\n", hPipe);
return ERROR_SUCCESS;
}
@@ -237,7 +237,7 @@
return FALSE;
}
- DPRINT("CreateNamedPipe() - calling ConnectNamedPipe(%x)\n", hPipe);
+ DPRINT("CreateNamedPipe() - calling ConnectNamedPipe(%p)\n", hPipe);
bConnected = ConnectNamedPipe(hPipe,
NULL) ? TRUE : (GetLastError() ==
ERROR_PIPE_CONNECTED);
DPRINT("CreateNamedPipe() - ConnectNamedPipe() returned %d\n",
bConnected);
Modified: trunk/reactos/dll/win32/advapi32/service/scm.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/service…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/service/scm.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/service/scm.c [iso-8859-1] Fri Mar 8 22:40:38 2013
@@ -165,6 +165,8 @@
TRACE("ChangeServiceConfig2A() called\n");
+ if (lpInfo == NULL) return TRUE;
+
/* Fill relevent field of the Info structure */
Info.dwInfoLevel = dwInfoLevel;
switch (dwInfoLevel)
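Review bot: With `if (lpInfo == NULL) return TRUE;` moved ahead of `switch (dwInfoLevel)`, a NULL `lpInfo` now reports success even for an info level that the switch appears to reject with `return FALSE;`. The same applies to ChangeServiceConfig2W in the hunk at -223. If that is the intended contract, it should be stated in a comment, for example `/* A NULL lpInfo is a successful no-op, whatever dwInfoLevel is */`. The unbraced one-line form also departs from the braced early returns used for the other checks in this file. The function body continues outside the hunk.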
@@ -184,9 +186,6 @@
return FALSE;
}
- if (lpInfo == NULL)
- return TRUE;
-
RpcTryExcept
{
dwError = RChangeServiceConfig2A((SC_RPC_HANDLE)hService,
@@ -223,6 +222,8 @@
DWORD dwError;
TRACE("ChangeServiceConfig2W() called\n");
+
+ if (lpInfo == NULL) return TRUE;
/* Fill relevent field of the Info structure */
Info.dwInfoLevel = dwInfoLevel;
@@ -241,9 +242,6 @@
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
-
- if (lpInfo == NULL)
- return TRUE;
RpcTryExcept
{
@@ -923,6 +921,12 @@
if (!hSCManager)
{
SetLastError(ERROR_INVALID_HANDLE);
+ return FALSE;
+ }
+
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
return FALSE;
}
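Review bot: The same check on `pcbBytesNeeded` and `lpServicesReturned` is added to five functions in this file (this hunk and those at -1027, -1110, -1207 and -1307) with no comment on why NULL is refused up front. A short comment above each copy, such as `/* Both output pointers are mandatory */`, would record the contract. Alternatively, a small static helper that sets the last error and returns FALSE would keep the five copies from drifting apart. The enclosing functions begin and end outside the hunks.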
@@ -1027,6 +1031,12 @@
return FALSE;
}
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
+ return FALSE;
+ }
+
if (lpServices == NULL || cbBufSize < sizeof(ENUM_SERVICE_STATUSA))
{
lpStatusPtr = &ServiceStatus;
@@ -1110,6 +1120,12 @@
if (!hSCManager)
{
SetLastError(ERROR_INVALID_HANDLE);
+ return FALSE;
+ }
+
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
return FALSE;
}
@@ -1207,8 +1223,13 @@
return FALSE;
}
- if (lpServices == NULL ||
- cbBufSize < sizeof(ENUM_SERVICE_STATUS_PROCESSA))
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
+ return FALSE;
+ }
+
+ if (lpServices == NULL || cbBufSize < sizeof(ENUM_SERVICE_STATUS_PROCESSA))
{
lpStatusPtr = &ServiceStatus;
dwBufferSize = sizeof(ENUM_SERVICE_STATUS_PROCESSA);
@@ -1307,8 +1328,13 @@
return FALSE;
}
- if (lpServices == NULL ||
- cbBufSize < sizeof(ENUM_SERVICE_STATUS_PROCESSW))
+ if (pcbBytesNeeded == NULL || lpServicesReturned == NULL)
+ {
+ SetLastError(ERROR_INVALID_ADDRESS);
+ return FALSE;
+ }
+
+ if (lpServices == NULL || cbBufSize < sizeof(ENUM_SERVICE_STATUS_PROCESSW))
{
lpStatusPtr = &ServiceStatus;
dwBufferSize = sizeof(ENUM_SERVICE_STATUS_PROCESSW);